Re: Secure Internet-based Electronic Commerce: The View from Outside the US
[email protected] wrote ...
> I've just made a draft copy of this paper available for comment as
> http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is
> given below. The whole thing is around 170K long (40 A4 pages when printed).
> If anyone has any comments to make on it, please let me know.
>
> Peter.
1) "...the number of security problems inherent in SMTP are legendary"
Incorrect. SMTP is safe.
Some (most?) implementations of SMTP have not been safe.
There is a big distinction between the protocol and its implementation.
2) "C2...now being applied to networked single-user systems over
multiple windows (which may require different security levels)"
I'm not aware of anyone doing that - doesn't mean it's not happening -
just seems an unusual configuration.
Other than these nits seems a v. thoroughly researched paper.
> Introduction
> ------------
>
> [...]
>
> Because of well-publicized break-ins there has been a steadily increasing
> demand for encryption and related security measures to be included in software
> products. Unfortunately these measures often consist either of "voodoo
> security" techniques where security is treated as a marketing checkbox only,
> or are rendered ineffective by the US government's refusal to allow
> non-Americans access to the same security measures which it allows its own
> citizens. Organisations employing such (in)security systems may make
> themselves liable for damages or losses incurred when they are compromised.
> This paper covers the issues of using weak, US government-approved security as
> well as problems with flawed security measures, examines some of the measures
> necessary to provide an adequate level of security, and then suggests several
> possible solutions.
In general you equate security with cryptography - which is fine -
but there are other tools that you need to use in addition to cryptography
to secure a system and network.
--
Nicolas Hammond NJH Security Consulting, Inc.
[email protected] 211 East Wesley Road
404 262 1633 Atlanta
404 812 1984 (Fax) GA 30305-3774